[SR-4529] Optimizer emits crashing code for this constructor #47106
Labels: bug, compiler, crash, optimized only, run-time crash
Attachment: Download
Environment
Xcode Version 8.3.1 (8E1000a)
Apple Swift version 3.1 (swiftlang-802.0.51 clang-802.0.41)
Additional Detail from JIRA
md5: ecd38b896e8a316a6476e34f0786b80c
Issue Description:
In the attached sample project, the Swift optimizer miscompiles an initializer, causing runtime memory UB. I believe this behavior is new in Swift 3.1.
1. Use release mode
2. Enable guard malloc
3. Run program
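The same three repro steps driven from the command line rather than Xcode, as an added example (not part of the original report or the attached project). It assumes a Mac with an Xcode toolchain; `main.swift` is a placeholder for the project's source, and the disassembly count reflects the reporter's comparison of `swift_unknownRelease` calls between the crashing and workaround builds.

```shell
#!/bin/sh
# Added example, not from the issue. SRC is a placeholder path; the sample project is not on this page.
SRC="${1:-main.swift}"
BIN="${TMPDIR:-/tmp}/sr4529_repro"

# Step 1: build with the optimizer on (-O matches Xcode's Release configuration); -g keeps symbols for lldb.
build_release() {
  swiftc -O -g "$SRC" -o "$BIN"
}

# Step 2+3: run under Guard Malloc. libgmalloc puts each allocation on its own page and unmaps
# it on free, so a use-after-free faults on first touch instead of silently reading stale memory.
run_under_guard_malloc() {
  DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib "$BIN"
}

# Exit status above 128 means the process died from a signal (139 = SIGSEGV, 138 = SIGBUS).
died_by_signal() {
  [ "$1" -gt 128 ]
}

# Count swift_unknownRelease call sites in disassembly text read from stdin; the report notes the
# workaround build has zero, so comparing the two builds is a quick way to confirm a fix.
count_unknown_release() {
  grep -c 'swift_unknownRelease' || true
}

reproduce() {
  build_release || return 2
  run_under_guard_malloc
  status=$?
  if died_by_signal "$status"; then
    echo "crashed under Guard Malloc (exit $status), consistent with a use-after-free"
  else
    echo "no crash (exit $status)"
  fi
  echo "swift_unknownRelease call sites: $(otool -tV "$BIN" | count_unknown_release)"
  return "$status"
}
```

Nothing runs at load time; invoke `reproduce path/to/main.swift` on the Mac to build, run and report.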
The relevant Swift:
In studying the disassembly, Swift seems to be using (retaining?) `self.i` after free (`swift_unknownRelease` seems to be `free` here in practice), and this use-after-free occurs in practically every path through the function. My notes are in the margin; I'm new to the runtime memory internals, so corrections are appreciated:

In the workaround disassembly, there are zero calls to `unknownRelease`, and the values passed to `swift_rt_swift_release` are treated as dead, as expected.